36 matches found
GHSA-PQHR-MP3F-HRPP Nuxt OG Image vulnerable to Server-Side Request Forgery via user-controlled parameters
Product: Nuxt OG Image Version: injection via html parameter GET /og/d/og.png?html= When verbose errors are enabled, the response content is leaked in base64-encoded error messages. Vector 3: SVG injection via html parameter GET /og/d/og.png?html= Mitigation Fixed in v6.2.5. The image source plug...
CVE-2024-6725
The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output...
CVE-2024-4277
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouthtml’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2021-31731
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter...
07FLYCMS cross-site request forgery vulnerability
07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS v.1.3.9, which stems from an id parameter in the del.html component that allows remote code execution...
WordPress WPForms Lite plugin <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fieldHTML Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form by WPForms versions <= 1.9.3.1...
WordPress Formidable Forms plugin <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability
Reflected Cross-Site Scripting via Custom HTML Form Parameter vulnerability discovered by mikemyers in WordPress Plugin Formidable Forms versions <= 6.16.1.2...
PT-2024-37825 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.11.1 Description: The issue is related to Stored Cross-Site Scripting via the html...
WordPress plugin LearnPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
go2rtc cross-site scripting vulnerability
go2rtc is an ultimate camera streaming application by Alex X Personal Developer that supports RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg and more. A cross-site scripting vulnerability exists in go2rtc 1.8.5 and earlier versions, which stems from the name parameter in...
CVE-2022-45928
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...
Cross-site Scripting (XSS)
krayin/laravel-crm is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the v-html parameter in table-body.vue, allowing an attacker to inject and execute malicious javascript...
Afi Solutions WebAcms cross-site scripting vulnerability
Afi Solutions WebAcms is an Edi converter from Afi Solutions, Germany. A cross-site scripting vulnerability exists in Afi Solutions WebAcms, which originates from the product's Index.html file's ID parameter that does not effectively filter user input data. The vulnerability can be exploited to...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Passing in a non-string 'html' argument can lead to unsanitized output
A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. Impact XS...
CVE-2013-3366
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...
Hardcoded credentials
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...
Hardcoded credentials
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg24Mhw3...